/**
 * Vulnerability.js
 *
 * @description :: A model definition represents a database table/collection.
 * @docs        :: https://sailsjs.com/docs/concepts/models-and-orm/models
 */

// Set the columnType of the cveDescription attribute based on the database adapter the app is configured to use.
// FUTURE: When this app is moved into the fleetdm/fleet repo, update this file to support only one type of database.
let cveDescriptionColumnType = 'text';
if(sails.config.datastores.default.adapter === 'sails-mysql'){
  cveDescriptionColumnType = 'longtext';
}

module.exports = {

  attributes: {

    //  ╔═╗╦═╗╦╔╦╗╦╔╦╗╦╦  ╦╔═╗╔═╗
    //  ╠═╝╠╦╝║║║║║ ║ ║╚╗╔╝║╣ ╚═╗
    //  ╩  ╩╚═╩╩ ╩╩ ╩ ╩ ╚╝ ╚═╝╚═╝
    cveId: {
      example: 'CVE-2022-43253',
      type: 'string',
      // unique: true,  // TODO: address
      required: true
    },

    fleetSoftwareItemUrl: {
      example: 'https://fleet.example.com/software/125820',
      type: 'string',
      isURL: true,
      required: true
    },

    additionalDetailsUrl: {
      example: 'https://nvd.nist.gov/vuln/detail/CVE-2022-43253',
      type: 'string',
      isURL: true,
      required: true
    },

    probabilityOfExploit: {
      example: 0.00885,
      description: 'Whether a known exploit exists, according to CISA.',
      extendedDescription: 'This is called `epss_probability` in the Fleet API. If the Fleet server sends this value as null, this value will be set to 0.',
      type: 'number',
      required: true
    },

    severity: {
      example: 6.5,
      description: 'Whether a known exploit exists, according to CISA.',
      extendedDescription: 'This is called `cvss_score` in the Fleet API.',
      type: 'number',
      required: true
    },

    hasKnownExploit: {
      description: 'Whether a known exploit exists, according to CISA.',
      extendedDescription: 'This is called `cisa_known_exploit` in the Fleet API.',
      type: 'boolean',
      required: true
    },

    publishedAt: {
      example: 1670152500000,
      description: 'JS timestamp representing when this vulnerability was originally published; for example in the NVD (national vulnerability database).',
      type: 'number',
      isInteger: true,
      min: 1,// « Since CVEs were not published this far in the past (≈1970), we use this validation as a failsafe.
      required: true,
    },

    isPriority: {
      description: 'Whether or not this Vulnerability is being tracked as a priority CVE.',
      extendedDescription: 'Vulnerability records that have this value set to true will have their patch progress shown on the /dashboard page.',
      type: 'boolean',
      defaultsTo: false,
    },

    cveDescription: {
      description: 'The NVD description for this vulnerability.',
      type: 'string',
      columnType: cveDescriptionColumnType,// This will be automatically set to 'longtext' for MySQL, or 'text' for Postgres.
    },

    //  ╔═╗╔╦╗╔╗ ╔═╗╔╦╗╔═╗
    //  ║╣ ║║║╠╩╗║╣  ║║╚═╗
    //  ╚═╝╩ ╩╚═╝╚═╝═╩╝╚═╝


    //  ╔═╗╔═╗╔═╗╔═╗╔═╗╦╔═╗╔╦╗╦╔═╗╔╗╔╔═╗
    //  ╠═╣╚═╗╚═╗║ ║║  ║╠═╣ ║ ║║ ║║║║╚═╗
    //  ╩ ╩╚═╝╚═╝╚═╝╚═╝╩╩ ╩ ╩ ╩╚═╝╝╚╝╚═╝
    installs: { collection: 'VulnerabilityInstall', via: 'vulnerability', description: 'Everywhere this vulnerability has been installed, past and present.' },
    hosts: { collection: 'Host', through: 'VulnerabilityInstall', via: 'vulnerability' },
  },

};

